I'm getting ready to shut down an MPLS circuit and cut over to a site to site VPN. The tunnel will be between two PIX's running 6.3.x. Once I disable sysopt connection permit-ipsec on both firewalls and modify the incoming access-list, users from Site A can access all the segments at Site B and vice versa. The issue that I can see happening is with one of the segments at Site B that is a DMZ.
How can I set up "one way" access to the DMZ so that LAN segments can initiate connections to the DMZ but hosts in the DMZ cannot initiate connections into the LAN over the site to site VPN? Would I do it with an access list on the DMZ interface?